577b3f74dbb8b5ce0108a9bb940e44062a2a1b9e3cc1f2aafc8ab50c2481f641N

Sharing

Copy URL Twitter E-mail

General

Target

577b3f74dbb8b5ce0108a9bb940e44062a2a1b9e3cc1f2aafc8ab50c2481f641N
Size

275KB
MD5

e500f395a54f6824d45435c5cba1a3c0
SHA1

f0f4d02121b4cae880b414c5320348cd9ee6dfdb
SHA256

577b3f74dbb8b5ce0108a9bb940e44062a2a1b9e3cc1f2aafc8ab50c2481f641
SHA512

8e80772ae244eb090a19fb2c19964912b80ee4e968e8c8a6041f4711779e3bf46e0ce01374caf15a8d49bcaf95da8aaf19b41153df3de3fb93b89f6dff17effd
SSDEEP

3072:rlnVltjYHSdUH/krZSjz61lSAlXer8u4V4FrdXVx2rnzDTaSuFXM2MblGi9F6e7h:bYi9rkjWJduqyFKrzDTaQ2KlGiX7h

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
577b3f74dbb8b5ce0108a9bb940e44062a2a1b9e3cc1f2aafc8ab50c2481f641N

Files

577b3f74dbb8b5ce0108a9bb940e44062a2a1b9e3cc1f2aafc8ab50c2481f641N
.exe windows:4 windows x86 arch:x86

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getsockopt
inet_ntoa
__WSAFDIsSet
bind
WSAGetLastError
getsockname
gethostbyname
listen
ntohs
connect
htons
socket
recv
send
select
WSAStartup
closesocket

kernel32

GetFullPathNameA
GetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetVersion
InitializeCriticalSection
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
GetLastError
HeapCreate
MultiByteToWideChar
GetCurrentThreadId
TlsAlloc
GetStringTypeA
GetStringTypeW
RaiseException
GetModuleFileNameA
GetOEMCP
GetEnvironmentStringsW
GetCPInfo
GetACP
GetLocalTime
GetProcAddress

loadperf

InstallPerfDllA
UpdatePerfNameFilesA
BackupPerfRegistryToFileW

wshtcpip

WSHSetSocketInformation
WSHAddressToString

Sections

UPX1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fCVqJZ
Size: 1024B - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 95KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cb
Size: 2KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 121KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 1024B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wr
Size: 1KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

Imports

wsock32

kernel32

loadperf

wshtcpip

Sections

UPX1 Size: 3KB - Virtual size: 3KB

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 9KB

.fCVqJZ Size: 1024B - Virtual size: 121KB

.edata Size: 95KB - Virtual size: 150KB

.cb Size: 2KB - Virtual size: 118KB

.data Size: 8KB - Virtual size: 338KB

.edata Size: 121KB - Virtual size: 146KB

.i Size: 1024B - Virtual size: 138KB

.wr Size: 1KB - Virtual size: 281KB

.rsrc Size: 25KB - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 9KB

.fCVqJZ
Size: 1024B - Virtual size: 121KB

.edata
Size: 95KB - Virtual size: 150KB

.cb
Size: 2KB - Virtual size: 118KB

.data
Size: 8KB - Virtual size: 338KB

.edata
Size: 121KB - Virtual size: 146KB

.i
Size: 1024B - Virtual size: 138KB

.wr
Size: 1KB - Virtual size: 281KB

.rsrc
Size: 25KB - Virtual size: 24KB